[1] Report: Consumers Vulnerable to Profiling, Price DiscriminationA new report released by the Annenberg Public Policy Center shows thatconsumers are largely unaware of how their personal information
is usedby businesses, and they object to behavioral profiling, pricediscrimination, and the purchase of their personal information
fromdatabase companies. The report also found that the respondentsincorrectly believe that "laws prevent online and offline stores
fromselling their personal information," and that "stores cannot charge themdifferent prices based on what they know about them."
The report isbased on a phone survey of 1,500 Internet-using adults. It focuses ontwo trends that are driven by the collection of
personal information:behavioral targeting, where individuals are presented different productsbased on their shopping habits; and price discrimination,
whereindividuals are charged differently based on what the business knowsabout consumers.

Using "first degree" price discrimination, a company can determine themaximum that an individual is willing to pay for a product,
and engagein "dynamic" pricing. This enables sellers to hawk the same products atthe same time to different people at different prices.
Dynamic pricingis even easier to employ in an online environment, where users aretracked by registration data and cookies.

The report was presented a press conference at the National Press Clubby Annenberg Public Policy Center Professor Joe Turow. Joining
ProfessorTurow at the event were FTC Commissioner John Liebowitz, EPIC ExecutiveDirector Marc Rotenberg, and Professor Rene Hobbs.

Mr. Rotenberg said that the report demonstrated the need for the FederalTrade Commission to safeguard consumer privacy. "Privacy policies
havefailed to provide meaningful protection for American consumers. Onlineprofiling also raises the risk of 'digital redlining' that
will excludesome consumers from the marketplace. It is the FTC's role to safeguardonline privacy, and crackdown on unfair business
practices," said Mr.Rotenberg.

The Annenberg report recommends three courses of action. First, because75% of Internet users incorrectly believe that a site with
a privacypolicy does not share information with third parties, companies shoulduse the label "Using Your Information" rather than
"Privacy Policy" todescribe their data handling practices. Second, school systems shoulddevelop consumer education and media literacy
curricula. Finally, inlight of a finding that the vast majority of respondents believe thatthey could be harmed by commercial collection
of personal information,the study's authors called for more transparency in data handlingpractices.

"Open to Exploitation: American Shoppers Online and Offline" byAnnenberg Public Policy Center of the University of Pennsylvania (pdf):

[2] EPIC Urges Close Scrutiny of Sunsetting USA PATRIOT Act ProvisionsThe Senate Select Committee on Intelligence is considering legislationthat would reauthorize the sunsetting provisions of the USA
PATRIOT Actand expand the FBI's investigative powers. Included in the draft billare provisions that would (1) give the FBI greater
authority to demandthat the U.S. Postal Service perform mail covers and (2) permit the FBIto issue "administrative subpoenas" in
foreign intelligence andterrorism investigations.

EPIC issued a statement for the record for the Committee's May 24hearing. EPIC urged the Committee to carefully consider whether
eachsunsetting provision should be reauthorized as written or whethermodifications are necessary, rather than simply voting to renew
allprovisions as currently written. In addition, EPIC urged the Committeeto oppose the expansion of the FBI's investigative powers
absentevidence that such expansion is necessary. EPIC said that the executivebranch has not publicly demonstrated a need for providing
greaterauthority to the FBI, that there is no indication that such authority isnecessary for the FBI to ensure national security,
and that theprovisions reach far beyond any authority publicly sought by the FBI.

In addition, EPIC, along with twenty-four other organizations, sent aletter to the Chairman and Vice Chairman of the Committee urging
themnot to grant the FBI authority to write their own search and disclosureorders without judicial approval. The letter reminded
the Committee ofU.S. Attorney General Alberto Gonzales's repeated emphasis that theprior judicial approval required under current
law is a safeguardagainst abuse and that current law gives the FBI far-reaching compulsorypowers to obtain any relevant information
when it is investigatingterrorism. Additionally, the letter stated that the burden of proofestablished by the 9/11 Commission for
retaining and adding particulargovernmental powers has not been satisfied and the adoption of theprovision would give the FBI unjustified
and unaccountable new powers.

[3] Government Proposes to "Virtually Strip Search" Air PassengersThe Transportation Security Administration (TSA) recently announced thatit would expand the use of new X-ray machines to general air
passengerstraveling at 16 select airports throughout the U.S. TSA said it believesthat use of the machines to search air travelers
is less invasive thanpat-down searches. However, the use of these machines, which show imagesof a person's naked body, do pose a
risk to the privacy rights of airtravelers.

The machines use high-energy X-rays that are more likely to scatter thanpenetrate materials as compared to lower-energy X-rays used
in medicalapplications. Although this type of X-ray is said to be harmless it canmove through other materials, such as clothing.
A passenger is scannedby moving a single high energy X-ray beam rapidly over her body. Thesignal strength of detected backscattered
X-rays from a known positionthen allows a highly realistic image to be reconstructed. In the caseof airline passenger screening,
the image is of her nude form. Theimage resolution of the technology is high, so the picture of the bodypresented to screeners is
detailed.

The $100,000 backscatter machines were previously tested at 12 airportsby U.S. Customs agents who screened passengers suspected of
carryingdrugs. The machines are also being used at London's Heathrow airport.TSA has not formally announced when or where the backscatter machineswill be used to screen regular air travelers. However, media
reportshave revealed some of the airports where the machines will be used. Theairports include: Baltimore/Washington, Dallas/Fort
Worth, Jacksonville,Phoenix and San Francisco.

Legal experts believe that the use of the device by government agenciescould be an impermissible search, under both the US constitution
andEuropean privacy law.

[4] Government Report: Federal Agencies' RFID Plans FlawedThe Government Accountability Office (GAO) released a report last weekthat found thirteen government agencies are using or plan to
use RadioFrequency Identification (RFID) tags, but only one agency identified anylegal or privacy issues with the use of the tags.
The federal agenciesplan to use RFID in identification cards, and to track employees'movements and sensitive documents. The report did not address the use byagencies of RFID data that is obtained from third parties.

RFID is used to electronically identify, track, and store information onchips or tags. Tests have shown that RFID tags can be read
at a distanceof thirty feet, which presents significant privacy and security risks.The privacy risks involve the tracking of individuals, profiling ofindividuals based on the collection of data, and the use of data
forpurposes other than that which they were collected for. The securityrisks relate to data confidentiality, integrity and availability.
Theseprivacy and security risks are inherent in "skimming" and"eavesdropping." Skimming occurs when information from an RFID chip
issurreptitiously gathered by an unauthorized individual. Eavesdroppingoccurs when an individual intercepts data as it is read by
an authorizedRFID readerThe report identifies ways for government agencies to address theprivacy risks. These include: deactivation
of the tags once theirfunction is fulfilled, blocking technology that disrupts transmission,and an opt-in/opt-out framework for the
data collected. RFID securityrisks can be decreased with the use of authentication technology, whichprevents unauthorized readers
from detecting the tags, and encryptiontechnology, which preserves confidentiality and integrity ofinformation.

This report comes a month after the State Department revised its plansto use passports with unencrypted RFID tags in response to criticismfrom
EPIC, other civil liberties groups, privacy and security experts,and the travel industry. The proposal would have made personal datacontained
in hi-tech passports vulnerable to unauthorized access.

[5] Conference in Congo Covers Privacy Policies and Internet GovernanceEPIC sponsored a two-day conference in Brazzaville, Republic of Congo,on May 16 and 17, about linking research on information andcommunication
technologies (ICT's) to development. The Congo-basednon-governmental organization (NGO) Azur Développement organized aworkshop and
a symposium to address research on ICT's, privacy policyand Internet governance issues.

The symposium analyzed the current barriers and challenges to theincrease of research on ICT's in universities and high schools, theimpact
of research on ICT's on the development of communities, and therole of research on ICT's in the Information Society. EPIC Director
ofthe International Privacy Project Cedric Laurant talked about the recentdevelopments in privacy around the world, as well as about
securityissues related to the use of e-mail and other Internet-basedtechnologies.

Other speakers discussed the opportunities and challenges of theInformation Society, the ways to integrate research on ICT's incommunity
projects, Internet governance, ICT policy in Africa, thechallenges of electronic privacy in Congo, and the World Summit onInformation
Society. Students shared reports on the challenges ofe-commerce in Congo; electronic privacy and security; research on ICT'sin Africa
and their development in Congo; volunteers' use of ICT's;freedom of speech on the Internet; and the integration of research onICT's in community projects.

The preparatory workshop, held the day before the symposium, allowed NGOrepresentatives and university students to explore the various
ICT'sthat can help them carry out their research and apply for grants whendeveloping public interest community projects. The workshop
alsoprovided information on how to disseminate information and network withothers more efficiently using ICT's.

Presentations and Documents from the Conference (currently in Frenchonly, but soon available in English):

[6] News in BriefEPIC Voting Project Urges Privacy Safeguards for DatabasesThe National Committee for Voting Integrity has submitted comments tothe
Election Assistance Commission on the proposed creation ofcentralized statewide voter registration databases. NCVI said that theregistration
systems must assure voter privacy by adhering to fairinformation practices, and allow voters to verify information, correctinaccurate
information, and be assured that the information providedwill not be used for non-voting related purposes.

Court Rules Against Japan ID PlanA Japanese court has ruled that individuals may not be required toprovide personal information for
the National Residence Registry Networkor "Juki Net." The court said that Article 13 of the Japaneseconstitution applied to all of
the data sought by the government for thedatabase, which includes names, addresses, birth dates and sexes, plus11-digit resident
codes. A second court ruled that the first four piecesof personal information, which people can access over the network, "donot need
to be highly protected." Similar lawsuits have been filed in 13different courts across Japan, challenging the collection of data
forJuki Net.

System Allows Parents To Spy on Children's LunchesThree school districts in Atlanta, Ga., last week began to allow parentsto monitor
their children's meals through an electronic lunch paymentsystem called Mealpay.com, created by Horizon Software International.Each time a student buys an item at the school cafeteria, whetherthrough an account or in cash, they key in their ID number and recordeach
purchase for parents to view online. Some parents are monitoringmeals as a way to stem obesity in their children.

New York City Plans to Install 400 More Surveillance CamerasThe New York City police department announced this week that it plans
toinstall as many as 400 surveillance cameras in high-crime andhigh-traffic areas around the city. The cameras would record digitalvideotape
but would not be monitored live by police officers. They wouldbe in addition to 80 surveillance cameras already in New York. Othercities
with large camera surveillance systems, often financed withfederal grants, include Chicago, Baltimore and New Orleans. EPIC's MaySpotlight
on Surveillance reported that such surveillance systems havelittle effect on crime, and that it is more effective to placeadditional
officers on the streets and improve lighting in high-crimeareas.

A major clothing seller once declared that, "an educated consumer is ourbest customer." If retailers listen to Larry Selden and GeoffreyColvin's
advice in "Angel Customers and Demon Customers, " the suckerconsumer will be the new "best" customer. Selden and Colvin argue thatbusinesses
should divide their customer bases into "angel" and "demon"consumers. Angels are not careful with their money; they charge $5,000plane tickets and keep high credit card balances. Demons are
those whopay their credit card bills in full, buy products that are discounted,return items, or those who spend sales associates'
time asking questionsabout products. In other words, the authors imply that frugal, smartshoppers who do their homework are demonic.
Angels should be rewarded,while demons' behavior should be shaped so that it becomes moreprofitable for the business. In extreme
cases, demon customers should be"fired." Already, Selden and Colvin's ideas have taken root at majorcompanies, including Best Buy
and Fidelity Bank.

As with other books of this genre, "Angel Customers and Demon Customers"could be less repetitive and emotional, but more importantly, it couldbe more insightful. The authors devote only a single paragraph
to theprivacy implications of their proposal. There is no serious discussionof the ethical dimension of price and service discrimination.
In lightof the Annenberg Policy Report released this week, where respondentsobjected strongly to both business practices, this book
could beimproved by a thoughtful treatment of the bounds of "good' and "evil"and the implications of categorizing people as such.

While some of the authors' proposals have merit, overall these practicesare dangerous. On one level, the practices would seem to
reducecompetition, as focus would be shifted away from developing the bestproduct at the lowest price to one where the focus is identifying
theloyal and shaping the thrifty into spendthrifts. Also, these practiceswill favor the rich and unfairly penalize the poor and minorities(according
to the Wall Street Journal, Best Buy identified their mostdesirable customers as "upper-income men, suburban mothers,small-business
owners, young family men, and technology enthusiasts").With time, these practices could negatively alter the balance of powerbetween the consumer individual and businesses, encouraging
one to ask:"Should I return that item, or will it mark me as a demon?"

This survey, by EPIC and Privacy International, reviews the state ofprivacy in more than sixty countries around the world. The surveyexamines
a wide range of privacy issues including data protection,passenger profiling, genetic databases, video surveillance, ID systemsand
freedom of information laws.

This is the standard reference work covering all aspects of theFreedom of Information Act, the Privacy Act, the Government in theSunshine Act, and the Federal Advisory Committee Act. The 22ndedition fully updates the manual
that lawyers, journalists andresearchers have relied on for more than 25 years. For those wholitigate open government cases (or
need to learn how to litigatethem), this is an essential reference manual.

This resource promotes a dialogue on the issues, the outcomes, and theprocess of the World Summit on the Information Society (WSIS).
Thisreference guide provides the official UN documents, regional andissue-oriented perspectives, as well as recommendations and
proposalsfor future action, as well as a useful list of resources and contactsfor individuals and organizations that wish to become
more involved inthe WSIS process.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists
who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested
in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand
the basic responsibilities for businesses in the online economy.

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption
products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption
to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

Privacy PolicyThe EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or
share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do
not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under"subscription
information."

About EPICThe Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus
public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord
privacy, and the collection and sale of personal information.EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
seehttp://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248(fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible.
Checks should be made out to "EPIC" and sent to 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you cancontribute
online at:

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation
ofencryption and expanding wiretapping powers.